spambarrier.de - TLS / STARTTLS Test

Discover if the mail servers for spambarrier.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sun, 31 Mar 2024 20:47:38 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Problems found

The mailservers of spambarrier.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @spambarrier.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mail.kundenserver.jetzt 159.69.18.25	5	supported	mail.kundenserver.jetzt	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2024-03-31 1 s
mx1.spambarrier.de 78.46.139.117 Results incomplete	10	supported	not checked	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-03-31 1 s
mx2.spambarrier.de 5.189.136.147 Results incomplete	20	supported	not checked	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-03-31 1 s

Outgoing Mails

We have not received any emails from a @spambarrier.de address so far. Test mail delivery

Certificates

First seen at: 2024-03-26

CN=mail.kundenserver.jetzt

Certificate chain

mail.kundenserver.jetzt
- 2024-06-18 remaining
- 4096 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mail.kundenserver.jetzt

Alternative Names

mail.kundenserver.jetzt

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2024-03-20
Not valid after: 2024-06-18

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 77:76:8B:6B:4A:4C:63:89:C3:5D:8B:B9:0E:E0:9E:24:FD:7D:E7:98:AF:E3:F3:AA:98:54:00:D5:CA:E3:FF:04
SHA1: CA:9B:FC:8B:B2:C5:F9:B1:DB:4C:39:59:12:33:91:42:37:45:0F:6E

X509v3 extensions

subjectKeyIdentifier

B7:BD:E6:BC:F0:99:5E:E0:3B:46:07:56:7A:08:FC:42:12:2E:1F:7B

authorityKeyIdentifier

keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

authorityInfoAccess

OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
Timestamp : Mar 20 10:15:37.359 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:DD:C2:70:44:16:AE:C7:EF:8F:F4:09:
37:2B:FF:FC:D4:3A:CC:C1:41:DB:D6:99:32:35:34:A8:
D2:A8:30:60:48:02:21:00:CB:7D:53:F1:95:CB:F2:6A:
56:02:02:DB:32:FC:E1:50:7F:19:3D:F3:47:29:1F:14:
8D:69:22:E6:59:96:D5:36
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Mar 20 10:15:37.432 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:B3:69:72:BD:7E:A4:41:5C:97:F9:F0:
A2:55:7B:08:8B:71:38:EF:E7:23:05:03:8E:8A:D5:D4:
A8:00:53:BA:99:02:20:0B:44:22:AA:26:7A:A9:15:FD:
C9:5F:EB:8C:2C:67:C5:26:16:23:FB:A5:06:68:35:47:
A5:D6:6A:94:E2:5D:77

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mx1.spambarrier.de	DANE-EE: Domain Issued Certificate Use full certificate SHA-256 Hash	valid	—
_25._tcp.mx2.spambarrier.de	DANE-EE: Domain Issued Certificate Use full certificate SHA-256 Hash	valid	—

SSL check results of spambarrier.de